B. Amendments to the Claims

1. (Cancelled)

2. (Cancelled)

3. (Cancelled)

4. (Cancelled)

5. (Cancelled)

6. (Cancelled)

7. (Original) A network storage access controller comprising:

a) a first network interface coupleable to an initiator network accessible by a plurality of network clients to exchange first network data, wherein said first network data contains unencrypted media-level storage data;

b) a second network interface coupleable to a target network through which a plurality of network storage volumes are accessible to exchange second network data, wherein said second network data contains encrypted media-level storage data; and

c) a controller coupled between said first and second network interfaces operative to convert between said first and second network data, said controller including a crypto processor to encrypt and decrypt media-level storage data contained in said first and second network data.

8. (Original) The network storage access controller of Claim 7 wherein said controller includes a plurality of crypto keys having a predetermined association with said plurality of network storage volumes and wherein said controller is operative to selectively apply said plurality of crypto keys to convert between said first and second network data.

9. (Original) The network storage access controller of Claim 8 wherein said first and second network data include predetermined network data packets that encapsulate media-level storage data, wherein said controller is operative to process encapsulated media-level storage data through said crypto processor selectively associated with a predetermined one of said crypto keys.

10. (Original) The network storage access controller of Claim 9 wherein said predetermined network data packets encapsulate SCSI protocol data.

11. (Original) The network storage access controller of Claim 10 wherein said predetermined network data packets conform to the iSCSI protocol.

12. (Original) A network storage controller supporting client access to network attached data storage, said network controller being coupleable in a communications network between a plurality of client computers and a plurality of data stores, wherein said network storage controller provides for the transfer of network data between said client computers and said data stores, wherein said network data includes media-level data and wherein said network access controller provides for the selective encryption and decryption of said media-level data transferred with respect to said plurality of data stores.

13. (Original) The network storage controller of Claim 12 wherein the transfer of network data between said client computers and said data stores is client directed subject to an access management policy autonomously implemented by said network storage controller.

14. (Original) The network storage controller of Claim 13 wherein said access management policy defines a correspondence between said data stores and a plurality of encryption keys stored by said network storage controller.

15. (Original) The network storage controller of Claim 14 wherein said access management policy defines a correspondence of data access permissions between users and said data stores.

16. (Original) The network storage controller of Claim 12 wherein said network storage controller provides for the proxy transfer of network data between said client computers and said data stores.



17. (Original) A network media access controller configured as a network proxy portal to provide storage security for clients with respect to network attached storage devices, said network media access controller comprising a network data processor coupleable between an initiator network and a target network to provide for the proxy transfer of predetermined network protocol data packets containing media-level data between said initiator and target networks, said network data processor being operative to selectively process said predetermined network protocol data packets to encrypt and decrypt media-level data.

18. (Original) The network media access controller of Claim 17 wherein said predetermined network protocol data packets conform to the iSCSI protocol and wherein said media-level data is SCSI media data.

19. (Original) The network media access controller of Claim 17 wherein said network data processor includes a plurality of encryption keys and wherein network data processor selectively processes said predetermined network protocol data packets based on a predefined correspondence between said plurality of encryption keys and a plurality of target storage resources accessible via said target network.

20. (Original) The network media access controller of Claim 19 wherein said predefined correspondence supports a proxy mapping of a plurality of virtual target storage devices accessible via said initiator network by a plurality of client computer systems to said plurality of target storage resources accessible via said target network.

21. (Original) The network media access controller of Claim 20 wherein said predefined correspondence is associated with said plurality of virtual target storage devices.

22. (Original) The network media access controller of Claim 21 wherein said network data processor implements a data packet filter to selectively provide for the proxy transfer of predetermined network protocol data packets.

23. (Original) The network media access controller of Claim 22 wherein said predetermined network protocol data packets conform to the iSCSI protocol and wherein said media-level data is SCSI media data.



24. (Original) A method of providing secure storage of data over a network connection, said method comprising the steps of:

a) first processing network data packets, transferred over a network between a client computer system and a storage system, to identify predetermined network data packets containing media-level data; and

b) second processing said predetermined network data packets to encrypt the media-level data contained in said predetermined network data packets being transferred to said storage system and to decrypt the media-level data contained in said predetermined network data packets being transferred to said client computer system.

25. (Original) The method of Claim 24 wherein said storage system includes a plurality of storage resources and wherein said step of first processing determines a target storage resource from a predetermined network data packet, said method further comprising the step of selecting an encryption key corresponding to said target storage resource for use in connection with said second processing step with respect to said predetermined network data packet.

26. (Original) The method of Claim 25 further comprising the step of selectively filtering network data packets permitted to be transferred over said network between said client computer system and said storage system.

27. (Original) The method of Claim 26 further comprising the steps of:

a) providing a plurality of virtual storage resources as target storage resources for said client computer system; and

b) providing a mapping of said plurality of virtual storage resources to said plurality of storage resources wherein said mapping is used in said first processing step to transfer network data packets over said network between said client computer system and said storage system.

28. (Original) A method of managing the secure storage of data in network attached storage systems, said method comprising the steps of:

a) establishing a network storage portal through which network storage data packets are passed between a client computer system and a network data store; and

b) crypto processing, on passage through said network storage portal, media-level data contained within network storage data packets to selectively encrypt, at said network storage portal, media-level data passed to said network data store and selectively decrypt, at said network storage portal, media-level data passed from said network data store.

29. (Original) The method of Claim 28 wherein said network data store includes a plurality of network data store resources, said method further comprising the step of associating, at said network storage portal, media-level data encryption keys with said network data store resources to control the encryption and decryption of media-level data passed to and from said plurality of network data store resources.

30. (Original) The method of Claim 29 further comprising the step of providing, at said network storage portal, for the management of a defined key correspondence between said plurality of media-level data encryption keys and said plurality of network data store resources.

31. (Original) The method of Claim 30 further comprising the steps of:

a) presenting, at said network storage portal, a plurality of virtual network data store resources to said client computer system as targets for network storage data packets; and

b) mapping, at said network storage portal, said plurality of virtual network data store resources to said plurality of network data store resources,

wherein said step of providing further provides for the management of a defined map correspondence between said plurality of virtual network data store resources to said plurality of network data store resources.

32. (Original) The method of Claim 31 further comprising the step of filtering, at said network storage portal, the network storage data packets passed between said client computer system and said network data store, wherein said step of providing further provides for the management of a filter rule set used in said filtering step to determine which network storage data packets are passed between said client computer system and said network data store.

33. (Original) The method of Claim 32 wherein said step of providing supports access by a management server to establish said defined key correspondence, said defined map, and said filter rule set.

34. (Original) A network media access controller comprising:

a) an initiator network interface coupleable through a first network to a client initiator,

b) a target network interface coupleable through a second network to a storage target; and

c) a network data processor coupled between said initiator and target network interfaces, wherein said client initiator and storage target communicate storage data over said first and second networks using a data transfer protocol encapsulated by a network communications protocol, wherein said data transfer protocol provides for the storage and retrieval of media-level data, wherein said network data processor is operative to transfer network data packets conforming to said network communications protocol between said initiator and target network interfaces, said network data processor being further operative to selectively encrypt and decrypt media-level data contained within network data packets transferred between said initiator and target network interfaces.

35. (Original) The network media access controller of Claim 34 wherein said data transfer protocol is the SCSI protocol.

36. (Original) The network media access controller of Claim 35 wherein said network communications protocol is the iSCSI protocol.